The widespread use of various computing devices (e.g., personal computers, notebooks, tablets, smartphones, and the like), the advent of high-performance servers and high-capacity data storage, the significant increase in the capacity of computer networks and substantial lowering of the price of network traffic to the end user in recent years has given a powerful impetus to the use of external servers for data processing and storage by individual users and entire organizations. For example, cloud technologies are becoming increasingly popular, such as cloud computing (i.e., a technology of online computing providing universal and convenient network access on demand to computing resources) and cloud data storage (i.e., a technology of online storage providing data storage on many servers distributed throughout the network).
The data being remotely stored and processed often has high value, and unauthorized access to it may lead to large financial losses, for example, as in the case of theft of remotely stored and processed data. Therefore, there is currently significant attention and resources applied to the security of data access and the storage and use of data.
One stage of remote data access is the authentication of the user in the data storage system. During the authentication, the user sends authentication data to the server, such as log-in and password. At this stage, hackers have an opportunity to intercept the authentication data being transmitted by the user for an unauthorized accessing of the user's data in the remote storage. In particular, even if the hacker only intercepts the check sum of the password (e.g., md5 is often used as the check sum), a hacker can reconstruct the password by trial and error (i.e., brute force) or by finding collisions/clashes and gain access to other user data (e.g., email).
To increase the security of authentication, several techniques of biometric authentication, a multistage authentication, when the user indicates authentication data obtained from various sources (such as log-in and password in the possession of the user, plus access code which the user obtains from the server on his mobile telephone), and others are widely used. Greater security of authentication is achieved by increasing the quantity of authentication data (as in the case of a multistage authentication) and the methods of obtaining such data (as in the case of biometric authentication), therefore, making it more difficult for hackers to obtain and use this authentication data.
Although the above-described operating methods can suitably handle the tasks of authenticating users and providing them with data stored on servers, these methods are often no help in the case of directed attacks, when hackers do not employ standard methods of access to the user data (such as hacking or stealing of passwords and other confidential data), but those narrowly focused on a particular system (such as by exploiting vulnerabilities in the system) or the method of transmission of confidential data (such as intercepting and subsequent exploiting of authentication requests).